-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AesSivKey supports 32, 48, and 64 bytes. But AesSivKeyManager only 64 #32
Comments
The fact that Tink only supports 64 byte keys is intentional. See https://developers.google.com/tink/deterministic-aead#choose_a_key_type. However, we could create a separate configuration which supports 32 byte keys. The code would then look as follows:
(Note: it only differs in the last line). The name of the config would have to be decided. |
The question is whether this satisfies users. However, looking at the code it also doesn't seem right that https://cloud.google.com/sensitive-data-protection/docs/pseudonymization simply supports 32 byte keys (though I don't really understand the documentation) |
We currently don't plan to change this. Please comment if you need this, or maybe ping the team who is interested in this to contact us internally (I wouldn't know how to find the people who want this). |
Describe the bug:
AesSivParameters
allows and validates keys of lengths 32, 48, and 64 byteshttps://github.com/tink-crypto/tink-java/blob/main/src/main/java/com/google/crypto/tink/daead/AesSivParameters.java#L54-L69
However
AesSivKeyManager
Supports only 64https://github.com/tink-crypto/tink-java/blob/main/src/main/java/com/google/crypto/tink/daead/AesSivKeyManager.java#L79-L87
What was the expected behavior?
For keys of 128 bit (32byte) to work. I suppose
validateKeyFormat
inkeyFactory
would need to accept all of the allowed lengthsHow can we reproduce the bug?
This code breaks when building the
KeysetHandle aesSivKeyHandle
because the key I'm using is 32 bytes long.Do you have any debugging information?
What version of Tink are you using?
1.12.0.
Can you tell us more about your development environment?
JDK 11
The text was updated successfully, but these errors were encountered: